So, what exactly is a PIA? A PIA is a process to determine the effects of program and service delivery on individual privacy and to develop a plan to avoid or mitigate any adverse effects. Furthermore, a PIA is a means to communicate the government's privacy regime and thereby promote transparency, accountability and public confidence.
Conducting a PIA is similar to following a continuous risk management approach. The PIA process includes four primary steps: Project Initiation, Data Analysis, Privacy Analysis and Privacy Impact Assessment Report.
If you'd like to learn more about risk management, check out
the Enhanced Management Framework.
PIAs should be treated as part of your department's normal project management activities.
Preliminary Privacy Impact Assessments (PPIAs) also exist and are useful if you don't have enough information to complete a full PIA or if you are doubtful as to whether or not there are privacy-related concerns with a particular program or service that may necessitate a full PIA.
A PPIA would most likely be completed during the Project Initiation phase of a full PIA project.
A PPIA is also a very useful tool to justify why a full PIA may not be warranted.
Check out Annex B of the Privacy Impact Assessment Guidelines document. You'll find a suggested Table of Contents for a Preliminary PIA.
What I will learn
Why do a PIA?
What I will learn?